
How not to fall prey to the latest email threat

The FBI is warning of a new email scam that claims to know of your visits to porn websites. (Photo: Getty Images)

The email addresses you by name and knows one of your online passwords – and even may include the last three digits of your phone number.

Assured it has your attention, it then proceeds to claim that malware placed on a porn site you’ve visited will expose you. Unless you pay up.

Count yourself lucky if you haven’t received this email or a similar one in the past few months. These so-called sextortion scams are on the rise, fueled by the past years’ data breaches that have released personal information into the wild.

“Anecdotally, it appears to be very prevalent,” said Cooper Quintin, a cybersecurity researcher at the Electronic Frontier Foundation.

The fraud banks on the chance that one of its potential marks – you, perhaps – has been visiting porn sites or has been cheating on a partner, and so believes the letter’s sender really has secret information.

One such email claims that “while you were watching the video, your web browser acted as a RDP (Remote Desktop) and a keylogger provided me access to your display screen and webcam. Right after that, my software gathered all your contacts from your Messenger, Facebook account and email account.”

What’s more, it says you were recorded as you were viewing the porn. (“Yep! It’s you doing nasty things!” reads the scam letter.) If that weren’t enough, the email claims all of your personal contacts — family, friends, co-workers — have been stolen. Now the blackmailer is giving you 24 hours to make a payment, often several thousand dollars, via Bitcoin.

“If I don’t get the payment,” the email continues, “I will send your video to all of your contacts including relatives, coworkers, and so forth.”
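The scam letters quoted above share a recognizable set of ingredients: a leaked password used as bait, a claimed webcam recording, a fake malware story (RDP, keylogger), a Bitcoin payment address, a short deadline and a threat to email your contacts. The following is an added example, not code from the article or from any of the experts it quotes, showing how a mail filter or help desk could score an incoming message against those indicators. The weights, threshold and sample messages are constructed for illustration; the Bitcoin address in the sample is a made-up string that merely matches the address pattern.

```python
import re

# Weighted indicators drawn from the scam letters described in the article.
# Weights are an assumption chosen for this example, not a published standard.
INDICATORS = [
    ("password_lure",   2, re.compile(r"\byour password\b|\bpassword is\b", re.I)),
    ("webcam_claim",    2, re.compile(r"\b(webcam|camera)\b", re.I)),
    ("malware_story",   1, re.compile(r"\b(rdp|remote desktop|keylogger|malware|trojan)\b", re.I)),
    ("bitcoin_mention", 1, re.compile(r"\b(bitcoin|btc)\b", re.I)),
    # Legacy (1.../3...) and bech32 (bc1...) Bitcoin address shapes.
    ("bitcoin_address", 2, re.compile(r"\b(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")),
    ("deadline",        1, re.compile(r"\b\d+\s*(hours?|days?)\b", re.I)),
    ("contacts_threat", 1, re.compile(r"\b(contacts|relatives|coworkers|co-workers|friends|family)\b", re.I)),
    ("adult_content",   1, re.compile(r"\b(porn\w*|adult|explicit|nasty)\b", re.I)),
]

# Constructed sample messages (not real mail).
SCAM_SAMPLE = (
    "I know that abc123 is your password. While you were watching the video, "
    "your web browser acted as a RDP (Remote Desktop) and a keylogger gave me "
    "access to your webcam. I recorded you doing nasty things. My software "
    "gathered all your contacts from Facebook. You have 24 hours to send $2,000 "
    "in Bitcoin to 1FakeScamAddrxxxxxxxxxxxxxxxxxxxxy or I will send the video "
    "to all your contacts."
)
BENIGN_SAMPLE = "Hi team, reminder: the family photo day is in 2 days, please bring your camera. Thanks!"
RESET_SAMPLE = "Your password reset link expires in 24 hours. If you did not request this, ignore this message."


def score_sextortion(text):
    """Return (total_score, [indicator names that matched]) for a message body."""
    score = 0
    hits = []
    for name, weight, pattern in INDICATORS:
        if pattern.search(text):
            score += weight
            hits.append(name)
    return score, hits


def is_sextortion(text, threshold=5):
    """True when enough independent indicators co-occur.

    A single hit (e.g. 'your password' in a legitimate reset mail, or 'camera'
    in a family newsletter) stays under the threshold; the scam letter trips
    nearly every indicator at once, which is what the combined score captures.
    """
    score, _ = score_sextortion(text)
    return score >= threshold


if __name__ == "__main__":
    for label, msg in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE), ("reset", RESET_SAMPLE)):
        s, h = score_sextortion(msg)
        print(f"{label}: score={s} flagged={is_sextortion(msg)} hits={h}")
```

The two benign samples are there on purpose: each trips one or two indicators, which is why a filter built on a single keyword (a password in the body, or a Bitcoin address) would produce false positives, while requiring several of the scam's ingredients to appear together does not. Flagged mail is a candidate for quarantine or a warning banner, not a verdict.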

According to Steven D’Antuono, chief of the FBI’s financial crime section, it’s what they call “a scare scam.” The FBI is seeing a rise in reported cases this summer, so much so that the Bureau issued an alert on the matter in August.

What makes this scam different? Most phishing scams try to steal passwords, but this one already has your stolen password – and uses that information to try to reel in the victim.

“The messages are sent to email addresses exposed in previous known data breaches in which the user database (email address and password) was indexed online,” said Brian Krebs, editor of the security news site KrebsOnSecurity.com.

Cindy Ratzlaff, a retired publishing executive, received the extortion email in early August.

“The most frightening thing was that they referred to a password I once used,” she said. Her letter claimed to have a split-screen video of her watching porn, as captured by her computer’s camera. She knew it was fake — because she’s never visited a porn site and she keeps a green Post-it over the camera eye — “but it was still very concerning.” She told her husband, then immediately deleted the email, emptied the trash and rebooted the computer. As a final precaution, she then changed all her passwords.

Ratzlaff did all the right things, according to Eric Vanderburg, vice president of cybersecurity at Greensboro, North Carolina-based computer forensics firm TCDI. First, she avoided paying the ransom and then didn’t engage with the threat.

“It is best to interact with the email as little as possible. Do not click on any links in the message nor open any attachments, as this could infect your computer with malware,” he said.

Earlier this month, Sam Fromartz, editor-in-chief of the Food and Environment Reporting Network, came home from vacation to find a typewritten letter sent to him by name via the U.S. Postal Service. If he didn’t send $8,000 via Bitcoin, the letter said, his porn-viewing video would be released to his wife.

Fromartz knew it was a scam – he doesn’t watch porn – but what puzzled him most were the Bitcoin payment instructions. “It took up a full page and was so complicated. I wonder how anyone would decipher how to do it,” he says.

The addition of Bitcoin to the phishing blackmail is a new twist on old scams, the FBI’s D’Antuono says. Paying via Bitcoin is more anonymous than other methods, he says, because it’s nearly impossible to trace and, as he notes, once a payment is made “there’s not much you can do to get Bitcoin funding back.”

Who’s behind these schemes, often referred to as “sextortion?” That’s not clear. The FBI notes the scam could come from anyplace.

I was curious to know if actual porn watchers were more at risk than others for being scammed. But cybersecurity experts say it’s an equal opportunity threat: one’s viewing habits have nothing to do with who is targeted. TCDI’s Vanderburg notes that victims are likely chosen simply because their name and password have been “exfiltrated” in a data breach. So if you’ve had your info stolen in a past breach, you may be more vulnerable.

The takeaway:

· The EFF’s Cooper Quintin suggests practicing good “security hygiene,” which means regularly changing passwords and user names, signing up for a password manager like Dashlane, 1Password, or KeePass, and using two-factor authentication (which usually means responding to a text to your phone in addition to entering your username and password on a site as added proof that it’s really you).

· Since laptops and many desktops are equipped with cameras and microphones, Vanderburg recommends covering the camera lens and adding a micblock to the microphone/headphone port on your computer.

· The FBI’s D’Antuono recommends reporting any scams like these to IC3.gov, the FBI’s Internet Crime Complaint Center, or contacting your local FBI office (or calling toll-free at 1-800-CALL-FBI). “Predators are out there,” he says. “We need everyone’s help to stop this.”

· Finally, “don’t respond to spam at all, period,” says security expert Krebs. “Don’t pay off extortionists.” In other words, be computer smart and think before you click.

USA TODAY columnist Steven Petrow offers advice about living in the digital age. Submit your question at stevenpetrow@gmail.com. You can also follow Petrow on Twitter: @StevenPetrow. Or like him on Facebook at facebook.com/stevenpetrow.